package com.tyq.auth.security.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 自定义安全配置类
 * 当security与oauth2同时使用时，安全配置信息写在资源服务器中，所以这里不需要配置
 *
 * @author 谭永强
 * @date 2024-05-20
 */
@Configuration
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

    /*@Resource
    private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
    @Resource
    private MyAuthenticationFailureHandler myAuthenticationFailureHandler;
    @Resource
    private MyAccessDeniedHandler myAccessDeniedHandler;
    @Resource
    private MyLogoutSuccessHandler myLogoutSuccessHandler;
    @Resource
    private MyAuthenticationEntryPoint myAuthenticationEntryPoint;*/

    /**
     * 重写安全配置信息
     *
     * @param http 安全配置
     * @throws Exception 异常
     */
    /*@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                //表单登录
                .formLogin()
                //将`/login`请求认为是登录请求，该url必须与前端登录页面发送的请求一致，接收到该请求后就会去执行`UserDetailsServiceImpl`的登录逻辑
                .loginProcessingUrl("/login")
                //自定义登录成功处理器，不能与successForwardUrl共存
                .successHandler(myAuthenticationSuccessHandler)
                //自定义登录失败处理器，不能与failureForwardUrl共存
                .failureHandler(myAuthenticationFailureHandler)
                .and()
                //配置退出功能
                .logout()
                //自定义退出登录成功处理器
                .logoutSuccessHandler(myLogoutSuccessHandler)
                .and()
                .exceptionHandling()
                //自定义未认证请求处理器
                .authenticationEntryPoint(myAuthenticationEntryPoint)
                //自定义无权限请求处理器
                .accessDeniedHandler(myAccessDeniedHandler)
                .and()
                //请求拦截器
                .authorizeRequests()
                //设置不需要认证的请求
                .antMatchers("/login.html", "/error.html", "/favicon.ico").permitAll()
                .antMatchers("/oauth/**").permitAll()
                //所有请求需要认证
                //.anyRequest().authenticated()
                //校验当前用户是否有该uri访问权限，权限表达式不能与authenticated()共存，因为权限判断的前提就是已经成功认证。
                .anyRequest().access("@myAccessServiceImpl.hasPermission(request, authentication)")
                .and()
                //关闭cors防护
                .cors().disable()
                //关闭csrf防护
                .csrf().disable()
                //使用JWT，关闭session
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }*/

    /**
     * 需要配置这个支持password模式
     *
     * @return AuthenticationManager
     * @throws Exception 异常信息
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }


}